Chris: This is the time to describe concrete issues and assign actions for concrete proposals. Please raise
them.

Chris continues with point 3 in Scope section...

scribe: No questions on point 3.

Chris continues with policy attachment...

Ashok: What about if we wanted to attach policy to sth else such as JMS (other than WSDL and UDDI)?

Maryann: We only talk about those that are defined. This is a general mechanism.

Chris continues with Section 1.1 and 1.2...

Toufic: On Negotiation, how strongly people feel that it is out of scope? ... There is a mechanism for
intersection so it may fall into the scope.

Glen: It should not be deemed out of scope for a discussion topic. However, we may not go far to build a
mechanism for this.

<maryann> toufic- the term "negotiation" being out of scope may be problematic, it is a real use case

<maryann> toufic- we have mechanisms for intersection

<maryann> if you include negotiation you need to include management ( yakov)

<maryann> (asir) when you include negotiation, its a general thing

<maryann> (asir) any negotiation is a general problem and should be solved in a general way

<maryann> (toufic) ssl has negotiation

PaulC: 2 comments. When we go farther down in the charter, we have a deliverable for charter for future work.
Please raise this as an issue. We can have a finite discussion and decide whether we want to do this for v.next. ... I don't think we should
have a high bar for our issues list. We should capture such issues in the list.

Toufic: Ok.

Chris: Mapping Policy is next...

Chris reads Alternate Representations...

Chris: Any Questions?

None noted.

Chris continues with Deliverables

scribe: Our first public draft is in July. We have editors drafts right now.

Chris reads the milestones. We have 13 months for recommendation.

No comments were made on the milestones.

Chris reviews the rest of the document and the time line.

Umit: When do we decide about the next charter split? Can we do the work, such as negotiation parallelly?
... Our charter is very constrained.

PaulC: There are several options. TF in our group or create an incubator group for additional work.

<whenry> thnx

ChrisF: As long as it does not interfere with the work of this workgroup, there are several options we can
follow.

Chris continues with Dependencies.

<whenry> AER we saying that discussing SLA as part of WS-Policy are out of scope for now?

<maryann> scribe lost connection - maryann to fill in

<maryann> (chris) apologies in advance for dogs barking in the background on calls

<maryann> (chris) meetings-

<maryann> if we fall behind we may need an additional meeting

<maryann> we understand around the holidays people need more time

<maryann> communication- member list is only admin or member confidential information

<maryann> everything else should be on public list

<maryann> decisions- consensus for decisions wil be the focus

<maryann> this is not driven by roberts rule, so the chairs will seek to find consesnuse where possible, but
call for decisions when the group is seen to be reaching an impass

<maryann> (paul) one technique I use, is to ask each party to represent the pros and cons of the other side
of the argument

<maryann> (paul) earlier in the process that issues surface, the earlier we will reach consensus

<maryann> (paul) the chairs have the responsibility to meet the charter

<maryann> (paul) people should realize that achieving half of your issues can be seen as a mark of success
for "consensus" and you always have the alternative of filing a fomal objection

<maryann> (felix) you can also come to me as the W3 rep

<maryann> (chris) one technique I use is to send people off to the bar

<maryann> (paul) there is a strong correleation between the quality of the bar and the quality of the
results

<maryann> (umit) chris is going to have to take me to the bar alot

<maryann> (chris) patent policy

<maryann> any questions

<maryann> (phillipe) are people familiar with the patent policy?

<maryann> maybe felix can say a few things

<maryann> (paul) myabe a few words on when the policy kicks in

<maryann> (paul) sends mail to the AC reps, this can be an issue

<maryann> (felix) it may be that the participants get notified

<maryann> (felix) I'll take an action to find out who gets notified

<maryann> (chris) we'll take a break and make it 30 minutes and try to resolve the network connectivity
issues

<bijan> So, returning at 10:50?

Schedule Review

Chris: We remind you that we will not take a break in August. ... Let us know in advance if you are going to
take a vacation. ... We had a discussion on time slot 12:00-2:00pm EST previously. This was a difficult challenge to agree on this
timeslot. ... We considered other options, but we recommed that we leave it on this time slot until September.

Chris reviews the concall schedule in the agenda. No concall next week.

Glen: Why don't you want to have a Wed meeting next week?

PaulC/Chris: Travel takes a week. In addition, editors may need the following week for revising the docs.

Chris: Microsoft offered to host Sept 12-14 F2F meeting.

Glen: Can we have couple of slots to pick from?

PaulC: It was in the charter.

Glen: We may be able to host the November f2f meeting. I will check the availability

The second document is the Understanding WS-Policy document where the examples reside.

<ssoltysi> thanks.

Asir moves on to Part 2

Asir: Page 13 contains an example.

Slide 17

Ashok: Could you motivate the normal form?

Asir: The next 2 slides will come to that ... No policy reference exists in normal form.

Page 15 example illustrates the normal form.

<maryann> (Asir) policy reference is replaced with expression

Slide 19

Asir: The Policy is not required, but it is a useful piece of metadata. The policy aware tool on the other hand
must choose one of the alternatives. ... QName of the assertion identifies the behaviour of the assertion. ... Within an assertion, the
parameters are opaque. ... there is a direct mapping between the normal form and the data model.

<bijan> +1

<bijan> er

Slide 20

<bijan> That's what I wanted :)

Asir: This illustrates the mapping

Slide 21

Look Page 21.

scribe: Contoso may be supporting several alternatives

Fabian: What if your assertions have the same attributes but they take different values?

<bijan> 1) what does "behavior of the assertion" mean

Asir: In this case, he specific domain may need to extend the compatibilty definition to extend to the
parameters.

<bijan> 2) Can policies (in normal form) be incoherent? E.g., you have two equivelent collections of policy
assertions

Asir: c1 and c2 are compatible with t1 and t2. (C for Contoso's Policy, T is for Tony)

JeffM: Where is the only if part?

Asir: It is in the spec, this is not complete.

Slide 22:

Asir: Example is in page 26

Slide 23:

Asir: What is extensible, what is the name and what is the processing model for extensions are the questions to
be answered. ... In this case, the existing clients do not need to change. This level of versioning support is not new.

Chris/Umit: Not everyone agrees with this definition, though.

Slide 24

Asir: The policy assertion is the key

Slide 25

Asir: There are three different assertions. ... they contain several parameters.

nested policy assertion affects the intersection algorighm, but the parameters do not.

Slide 26

Slide 27

Asir: Device profile is listed in this slide.

PaulC: How many people want to ask questions?

Many hands raised.

PaulC: Lets time bound the discussion for those questions.

Glen: What is the intent of QA? Clarification or for raising issues?

PaulC: Lets get all out on the table.

<Fabian> it's lunch break

<bijan> Ah

<bijan> But my questions are in the irc buffer

<pbc> We will be reconvening at 1:30pm CT - in about 10 min.

<abbie> ok

<maryann> Q& A session about to begin

<maryann> questions from the phone?

<maryann> first question from the archive- "behavior of the assertion"

<maryann> [asir] description of the assertion....the name of assertion indicates the behavior

<maryann> [glen] the content is the details

<maryann> [asir] parameters carry details

<maryann> [glen] tricky line between semantics of q name and semantics of the content

<maryann> [glen] careful about design of the assertion space to make sure you communicate

<maryann> [maryann]

<maryann> [paul] if this reflects to what was logged .....

<maryann> [asir] separation between qname and parameters, the qname indicates the behavior and the parameters
indicate detail

<maryann> [paul] we may not have captured this comment

<maryann> [maryann] the decomposition of a domain needs to be done by experts who understand the way the
framework will work in order to correctly capture the semantics

<maryann> [asir] when you have 2 alternatives, the author made duplicates, in interacting you have to chose
one of them

<maryann> [paul] since policy doesn't express which option you chose

<maryann> [dale] does exactly one mean you select one of them?

<maryann> [asir] there is text in 3. something that explains it

<maryann> [dale] you select these things it is an accident if they are equivalent

<maryann> [paul] it is bad to have domains where the alternatives are orthongonal

<maryann> [ashok] this is one of the things i will bring up tomorrow

<maryann> [paul] request to discuss this further after Ashok's presentation

<maryann> [yakov] support the same issue, you can have security problmes

<maryann> because so many policies exist

<maryann> [yakov] you might need "if and only if"

<maryann> [asir] you have policies with stronger security and one with weaker it shouldn't be in the
policy

<maryann> [umit] do you want a preference?

<maryann> [asir] will Ashok send slides?

<maryann> [ashok] yes late tonight ( just in time slides)

<maryann> [maryann] there are ways that the framework can enable policy domain authors to correctly represent
the semantics of the domain

<maryann> [maryann] the spec does not currently have any way to indicate that alternatives are
"preferred"....all alternatives are equivalent

<maryann> [paul] dale has questions,

<maryann> [dale] one of the examples ....is it required that policy use the "optional' or can they represent
"optionality" through the qnames

<maryann> [dale]there is a little confusion between what part of the assertion semantics should be used by
the framework or the domain

<maryann> [asir] expresses a requirement of a domain, here it is represented, best practice is to use
optional

<maryann> [dale] framework provides a constraint on authors

<maryann> [asir] page 32 optional behaviors

<maryann> [dale] will best practice express these?

<maryann> [paul] the group will need to decide what is the best way to communicate

<umit> We really need a policy authors guideline document. All the issues mentioned so far are examples of
the hurdles that the domain authors will face.

<maryann> [paul] we have an option to develop a primer

<maryann> [paul] having something in the normative spec might be appropriate, we have to discuss this

<maryann> [paul] we can try to make some of this more approachable

<maryann> [dale] point 2...... boundary betewen domain and framework, is there any standard device
recommended?

<maryann> [phillipe] wasn't it in a previous draft?

<maryann> [asir] yes it was difficult and complex for interoperabilty

<maryann> [dan] and so it was removed

<maryann> [ashok] there is part of the framework you didn't mention

<maryann> [ashok] what are the semantics of the "absence" of an assertion?

<maryann> [asir] the absence of an assertion?

<maryann> [ashok] yes absence

<maryann> [asir] the absence of an assertion means it makes no claims about it

<maryann> [ashok] that's not what the spec says

<maryann> [ashok] if the assertion does not appear it is not ....

<maryann> [asir] this is an issue that was raised in the TX working group

<maryann> [asir] section 3.2 second paragraph

<abbie> siging off,

<maryann> vocabular is the union of all types

<maryann> [dan] so if the author has a type in one alternative, but not in another alternative, the spec is
ambiguous

<maryann> [ACTION] Dan / Fabian will write up the issue for 3.2

<maryann> [ashok] so what if the type is not part of the vocabulary

<maryann> [umit] what is the vocabulary for the web service can include other information not expressed by
policy

<maryann> [paul] it is possible that someone could construct a message that succeeds in being "accepted" by
the web service

<maryann> [maryann] the spec and the framework are meant to be declarative

<maryann> [umit] the problem is the actual statement ( which is the subject of the action for Dan &
Fabian)

<maryann> [asir] from the framework level there is one intersection model

<maryann> [asir] domain authors can extend this

<maryann> [asir] there are delegation models for implementation

<maryann> [glen] there is an issue here

<maryann> [glen] one of coverage....being complete

<maryann> [glen] if the framework had a "must understand" bit it indicates that you know what to do when you
see that qname, without that bit, you might get the right results

<maryann> [paul] can i help? this is like a subtyping hierarchy

<maryann> [paul] intersection model tells you how to do top type comparison

<maryann> if you have canadian addresses and us addresses, how do declare what the comparison deals with,
does the subtype have to know how to compare fields in the canadian address

<maryann> [paul] will someone own writing up this issue?

<maryann> [paul] if you have optional content defined by the domain assertion how do you indicate to the
policy engine doing the intersection when or if it should take that content into consideration

<maryann> will someone own this issue and track it on the mailing list

<maryann> [glen] is there a formal way to track issues

<maryann> [paul] yes this is on the homepage

<maryann> [ruchith] nested policies, can be used as a way to constrain the subtypes

<maryann> [glen] there are the same limitations on the nested assertions

<maryann> [ruchith] there are examples in security policy

<maryann> [paul] yes these will be covered when Tony does a presentation tomorrow on security policy

<maryann> [dale] there might be some standard way to do this,

<maryann> [paul] ashok is familiar with this topic as "deep equals"

<maryann> [paul] spent 5 years trying to get agreement on this

<maryann> [paul] its very comples

<maryann> [dale] is that needed here

<maryann> [paul] don't know

<maryann> [ashok] sometimes people want exact match, there are many variations

<maryann> [paul] you can do this in sql

<maryann> [seamus] general question- processing model thoughts, recursive, can result in complex processing,
if you look at the apache framework is to create a wrapper around the DOM model .....processing assertions this

<maryann> [maryann] there is some text warning about that in 3.1 the last paragraph

<maryann> [paul] what has apache done?

<maryann> [they have represented an assertion as a wrapper around the

<maryann> DOM you have to walk the DOM tree, and they don't have a framework

<maryann> there has been a problem identitfied .... i can talk about implementation

<maryann> and there is new code checked in

<maryann> there is an assertion added

<maryann> domain specific authors decide

<maryann> [pau] the first implementation does the api level

<maryann> [paul

<maryann> the second approach is to use domain assertions

<whenry> quit

<maryann> [maryann] do we discuss implementations here?

<maryann> [paul] as to Maryann's point, we probably need to do some due dilligence to look at this and see
what./if we need to add text

<maryann> [ashok] client is doing matching and server is doing matching...they better be doing the same
domain specific semantics or you may get different results

<maryann> [pau] this is part of XML processing

<pbc1> Domain authors should be cognizant of the processing requirements when defining complex assertions
containing additional assertion content or nested policy expressions. Specifically, domain authors are encouraged to consider when the identity of
the root Element Information Item alone is enough to convey the requirement (capability).

<maryann> [paul] this is an important piece of information for developers

Toufic: key references - are there any way to categorize this using the tModels?

Maryann: this is a proposal and needs to engage the UDDI experts (address issues, if any)

Toufic: this is a concern in the UDDI attachment mechanism, will file issues as appropriate

Maryann: explore interpretations on how WSDLs are expressed in UDDI

Paul: you mentioned few issues. Do you plan to point them out as we walk through the specs?

Maryann: yes

Ashok: request to elaborate on effective policies for WSDL

Slide: Example- stock quote

Slides 10 and 11

Glen: request to clarify the partitioning of WSDL constructs into policy subjects and the semantics of
associating policies to policy subjects

Umit: need clarification on the granularity of attachment points for a given assertion

<cferris> glen: think that this is not about any given domain, use the domain asertions as examples, but talk
about wsdl as a description and say that there are a generic set of rules for endpoint, port, binding, etc.

<cferris> mah: so is this a wsdl thing or a policy thing?

<fsasaki> Paulc: You say there is not enough in attachment about how to handle that?